none
Automate FIM 2010 Sync Engine Run Profile Execution RRS feed

  • Question

  • We have FIM2010 and synced contacts of two untrusted forests manually.

    Would like to automate the run through scheduled tasks. As per my call with an Microsoft Engineer , I was informed that it can be done only through powershell/vb script & Microsoft don't guarantee & recommend to run the sync through scheduled task.

    I have the below queries. Please clarify.
    1. Can u share me with a Powershell script for scheduling MA.
    2. Any customized tool? what will be the cost
    3. Can i directly run the powershell provided in few MS blogs? Is there any risks involved in it ?

    Also as per the below article there are 4 ways to do it. But there is no documentation for 3 step : task scheduling. Could you please clarify.

    http://social.technet.microsoft.com/wiki/contents/articles/1899.how-to-automate-fim-2010-sync-engine-run-profile-execution.aspx


    Ahmed Ali

    Saturday, September 15, 2012 5:07 PM

Answers

  • This is a very popular topic on this forum. To answer some of your questions..

    1. Check this link. This forum has lots of useful scripts. Here's one that sounds like what you need.

       http://social.technet.microsoft.com/wiki/contents/articles/13328.how-to-use-powershell-to-run-management-agents.aspx

    2. There are many excellent commercial tools. There are forum participants who work for those vendors who will probably jump in an pitch their products :)

    3. I never run a script I find online until I look it over and understand what it does and make sure it's what I need. That being said - I've found the scripts on most blogs to be very helpful.


    Frank C. Drewes III - Architect - Oxford Computer Group

    • Marked as answer by AhmedShaik Tuesday, September 18, 2012 12:15 PM
    Saturday, September 15, 2012 6:13 PM
  • I'd go through the list that Frank linked to to make sure that you know your options. This seems to be popular (I wrote it :-)) and it is a free - http://blog.goverco.com/p/marunscheduler.html


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by AhmedShaik Tuesday, September 18, 2012 12:15 PM
    Saturday, September 15, 2012 7:41 PM
  • On Sun, 16 Sep 2012 07:44:44 +0000, AhmedShaik wrote:

    As we?don't?have test environment i believe risk is involved in running powershell cmdlets.

    If you don't have a test environment then you've got a much larger problem
    than running PowerShell cmdlets to schedule MA runs.

    Given what a metadirectory is and what it does, or can do, the potential
    for disaster using a production environment as a test environment is huge.
    Especially for one who is admittedly a "layman in FIM 2010".

    I'm not trying to offend you here, but if I had a potential FIM 2010
    customer who had only a production and no test/dev environment, I'd walk
    away from the engagement.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    Computers are useless.  They can only give you answers.  -- Pablo Picasso

    • Marked as answer by AhmedShaik Friday, September 28, 2012 3:25 AM
    Sunday, September 16, 2012 8:22 AM
  • When you get to the part on configuring Run Profiles for use with either script or MARunScheduler, you can read this article (http://social.technet.microsoft.com/wiki/contents/articles/1147.aspx).

    As Paul Adare states - be sure to know what you're doing AND do test before putting into production.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by AhmedShaik Friday, September 28, 2012 3:25 AM
    Sunday, September 16, 2012 1:57 PM

All replies

  • This is a very popular topic on this forum. To answer some of your questions..

    1. Check this link. This forum has lots of useful scripts. Here's one that sounds like what you need.

       http://social.technet.microsoft.com/wiki/contents/articles/13328.how-to-use-powershell-to-run-management-agents.aspx

    2. There are many excellent commercial tools. There are forum participants who work for those vendors who will probably jump in an pitch their products :)

    3. I never run a script I find online until I look it over and understand what it does and make sure it's what I need. That being said - I've found the scripts on most blogs to be very helpful.


    Frank C. Drewes III - Architect - Oxford Computer Group

    • Marked as answer by AhmedShaik Tuesday, September 18, 2012 12:15 PM
    Saturday, September 15, 2012 6:13 PM
  • I'd go through the list that Frank linked to to make sure that you know your options. This seems to be popular (I wrote it :-)) and it is a free - http://blog.goverco.com/p/marunscheduler.html


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by AhmedShaik Tuesday, September 18, 2012 12:15 PM
    Saturday, September 15, 2012 7:41 PM
  • Thanks Frank,

    As we don't have test environment i believe risk is involved in running powershell cmdlets. When I went through few other technet forums found if there are any errors in running (MA) the script will keep on continue and will not stop.

    I will be waiting for vendors to come up with their tools and the cost so that i can take up and get the approval from our client.


    Ahmed Ali

    Sunday, September 16, 2012 7:44 AM
  • Hi Soren,

    I have downloaded ur marunscheduler.zip. It has two file exe & xml.

    As per the blog we have to do changes in the xml file as per our requirement.

    I haven't found any configuration related Full Import, Full sync &export options.

    Really am confused as i am a layman in FIM2010.



    Ahmed Ali

    Sunday, September 16, 2012 8:07 AM
  • On Sun, 16 Sep 2012 07:44:44 +0000, AhmedShaik wrote:

    As we?don't?have test environment i believe risk is involved in running powershell cmdlets.

    If you don't have a test environment then you've got a much larger problem
    than running PowerShell cmdlets to schedule MA runs.

    Given what a metadirectory is and what it does, or can do, the potential
    for disaster using a production environment as a test environment is huge.
    Especially for one who is admittedly a "layman in FIM 2010".

    I'm not trying to offend you here, but if I had a potential FIM 2010
    customer who had only a production and no test/dev environment, I'd walk
    away from the engagement.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    Computers are useless.  They can only give you answers.  -- Pablo Picasso

    • Marked as answer by AhmedShaik Friday, September 28, 2012 3:25 AM
    Sunday, September 16, 2012 8:22 AM
  • When you get to the part on configuring Run Profiles for use with either script or MARunScheduler, you can read this article (http://social.technet.microsoft.com/wiki/contents/articles/1147.aspx).

    As Paul Adare states - be sure to know what you're doing AND do test before putting into production.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    • Marked as answer by AhmedShaik Friday, September 28, 2012 3:25 AM
    Sunday, September 16, 2012 1:57 PM
  • I'd re-iterate what Paul said about the risks of not having a Test (or Dev!!!) environment to design and test your run profile execution model before deployment.  I am one of the forum contributers referred to by Frank above ... yes we have the Event Broker for FIM, which provides a single UI for managing, executing and monitoring your FIM operations, which includes support for near-real time.  Check it out by following the link below, but sort out your "risks" first ;)

    If anyone following this thread (in particular those who have posted above here) are interested they can still join up for the "how to" webinar this Wednesday.  It should help everyone attending better understand the difference between the various options to perform FIM operations involving sync.


    Bob Bradley (FIMBob @ TheFIMTeam.com) ... now using Event Broker 3.0 for just-in-time delivery of FIM 2010 policy via the sync engine, and continuous compliance for FIM


    • Edited by UNIFYBobMVP Monday, September 17, 2012 12:53 AM webinar link added
    Monday, September 17, 2012 12:23 AM
  • Hi Ahmed,

    We have a easy-to-use custom tool available with many advanced options. Check it out: http://www.traxionsolutions.com/imsequencer/. You can try it for free by downloading it from our webpage.

    Robin


    MCTS, MCPD

    Monday, September 17, 2012 7:59 AM